Major Threats & Vulnerabilities
Zero-Day and Critical Exploits
A vulnerability in the Modular DS WordPress plugin (v2.5.1 and below) is being actively exploited to bypass authentication and gain admin access. Over 40,000 installations are at risk. A patch is available and should be applied immediately.
PAN-OS users are urged to patch a denial-of-service vulnerability affecting GlobalProtect portals and gateways. The flaw can knock systems offline, and proof-of-concept code has been released.
Microsoft’s January Patch Tuesday addressed 112 vulnerabilities, including critical flaws in SharePoint and Office and a Windows DWM issue listed in CISA’s KEV catalog. Admins should prioritize these updates.
Fortinet patched a zero-login remote code execution vulnerability in FortiOS and FortiSwitchManager that lets unauthenticated attackers execute code remotely. Access restrictions and monitoring are recommended.
Trend Micro Apex Central received patches for three vulnerabilities, one rated CVSS 9.8, that could allow unauthenticated SYSTEM-level remote code execution. No exploitation has been reported yet.
Google Chrome WebView users should update immediately to patch CVE-2026-0628, a high-severity vulnerability that allows code injection in apps and browsers.
Undertow, a Java web server used in WildFly and JBoss, is vulnerable to session hijacking via manipulated HTTP Host headers. A patch is available for CVE-2025-12543.
Malware and Exploits in the Wild
VoidLink, a modular Linux malware framework, is targeting cloud and container environments using in-memory plugins for stealth and persistence. Organizations should review container security configurations.
Ghost Tapped malware is exploiting Android NFC capabilities to conduct fraudulent transactions, stealing over $355,000 across multiple countries. The campaign remains active.
OWASP CRS has patched a flaw that allowed encoded XSS payloads to bypass WAF protections due to incomplete multipart inspection.
Industry News
Data Breaches and Leaks
A DHS data leak exposed personal and professional information of 4,500 ICE and Border Patrol agents, raising concerns of targeted harassment.
Gulshan Management Services, a Texas fuel operator, suffered a breach affecting 377,000 individuals. Attackers used stolen credentials to deploy malware and disrupt internal systems.
BreachForums suffered a major data leak, exposing usernames, emails, hashed passwords, IPs, and PGP keys of nearly 324,000 users, potentially aiding law enforcement investigations.
Phishing and Social Engineering
A WhatsApp phishing campaign is using fake meeting QR codes to hijack accounts by linking WhatsApp Web to attacker-controlled browsers. Users should only scan QR codes from the official site.
Instagram users received suspicious password reset emails. While no breach occurred, the incident highlights abuse of the account recovery feature and phishing risks.
AI and Emerging Threats
Microsoft Copilot was vulnerable to a Reprompt attack that allowed one-click data exfiltration via legitimate links. Microsoft has since patched the issue.
ZombieAgent attacks exploit ChatGPT connectors to leak data using hidden prompts embedded in files and emails. Platforms like Gmail and GitHub are at risk.
BrowseSafe AI browser protections were bypassed in 36% of red-team tests using encoded prompt injections, revealing significant guardrail gaps.
AI-driven scams contributed to $17 billion in crypto fraud in 2025, with impersonation tactics and deepfakes playing a major role.
Other Industry Developments
The UK government has halted its plan to mandate digital IDs for right-to-work checks due to privacy and security concerns, though optional verification will expand.
Betterment customers were targeted in a crypto scam after attackers hijacked a marketing platform. No accounts were breached, but personal data may have been exposed.
Apex Legends players experienced remote input hijacking. Respawn confirmed the issue but denied any remote code execution vulnerabilities.
ServiceNow patched an AI flaw that allowed unauthenticated user impersonation. No exploitation has been observed.
Security Tips & Best Practices
Cloud and Container Security
To secure cloud and container environments, organizations should:
- Restrict access to cloud metadata services
- Rotate secrets using short-lived tokens stored in an approved vault
- Enforce least privilege for Kubernetes service accounts
- Block privileged container workloads
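As an added example (not code from the newsletter), a small Python audit that checks Kubernetes pod manifests against the last two items above: privileged workloads and over-privileged service accounts. Field names follow the Kubernetes PodSpec and SecurityContext API; the two sample manifests are constructed for illustration.

```python
# Added example: flag pod manifests that violate the container-hardening points above.
# Manifests are plain dicts (the shape of `kubectl get pod -o json`), so no YAML library is needed.

def audit_pod(pod: dict) -> list:
    """Return a list of findings for one Pod manifest (empty list = passes)."""
    findings = []
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    # The service-account token is mounted by default; only an explicit opt-out passes.
    if spec.get("automountServiceAccountToken", True):
        findings.append(f"{name}: service-account token auto-mounted")
    # Running under the namespace 'default' SA usually means no least-privilege RBAC exists.
    if spec.get("serviceAccountName", "default") == "default":
        findings.append(f"{name}: uses the 'default' service account")
    # Host namespaces hand the container a foothold on the node itself.
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            findings.append(f"{name}: {key} enabled")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        cname = c.get("name", "<unnamed>")
        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation not disabled")
        # runAsNonRoot may be set at pod or container level; either satisfies the check.
        if sc.get("runAsNonRoot") is not True and pod_sc.get("runAsNonRoot") is not True:
            findings.append(f"{name}/{cname}: runAsNonRoot not set")
    return findings


# Constructed sample manifests: a weak pod and its hardened counterpart.
WEAK_POD = {
    "metadata": {"name": "debug-shell"},
    "spec": {"containers": [{"name": "sh", "image": "busybox",
                             "securityContext": {"privileged": True}}]},
}
HARDENED_POD = {
    "metadata": {"name": "api"},
    "spec": {"serviceAccountName": "api-sa", "automountServiceAccountToken": False,
             "containers": [{"name": "api", "image": "api:1.0",
                             "securityContext": {"allowPrivilegeEscalation": False,
                                                 "runAsNonRoot": True}}]},
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "OK")
```

The weak manifest produces five findings (token auto-mount, default SA, privileged, privilege escalation, root); the hardened one passes, which is the shape an admission check such as a policy engine would enforce cluster-wide.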
Gaming and Mobile Security
Gamers should protect their accounts by:
- Using unique passwords with a password manager
- Enabling multi-factor authentication
- Securing email recovery options
- Avoiding unofficial mods or cheat tools
Mobile users are advised to:
- Use only official app stores and keep apps updated
- Review app permissions and use mobile antivirus
- Enable strong screen locks and device recovery features
- Avoid suspicious links and messages
Third-Party and AI Risk Management
To manage third-party risk, organizations should:
- Maintain a complete inventory of vendor integrations
- Enforce MFA, least privilege, and secure API token management
- Monitor outbound communications for anomalies
- Embed security requirements into vendor contracts
To mitigate AI-driven data exposure:
- Limit AI access to essential systems and enforce least privilege
- Avoid including sensitive data in prompts and regularly clear AI memory
- Train users to detect prompt injection and AI-specific abuse techniques
No new tools or frameworks were introduced this week, but several patches and updates were released across Microsoft, Fortinet, Google, and OWASP platforms. Organizations are urged to apply all relevant updates and review their security configurations in light of the vulnerabilities disclosed.